From: Valentine Krasnobaeva Date: Wed, 17 Jul 2024 16:40:41 +0000 (+0200) Subject: BUG/MEDIUM: startup: fix zero-warning mode X-Git-Tag: v3.1-dev4~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcd4bf54c8276db2e562decdf9fccaec8de79f9d;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: startup: fix zero-warning mode Let's check the second time a global counter of "ha_warning" messages, if zero-warning is set. And let's do this just before forking. At this moment we are sure, that we've already done all init operations, where we could emit "ha_warning", and we still have stderr fd opened. Even with the second check, we could lost some late and rare warnings about failing to drop supplementary groups and about re-enabling core dumps. Notes about this are added into 'zero-warning' keyword description. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 8856593456..151cbb10bb 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4176,11 +4176,18 @@ quiet zero-warning When this option is set, HAProxy will refuse to start if any warning was - emitted while processing the configuration. It is highly recommended to set - this option on configurations that are not changed often, as it helps detect - subtle mistakes and keep the configuration clean and forward-compatible. Note - that "haproxy -c" will also report errors in such a case. This option is - equivalent to command line argument "-dW". + emitted while processing the configuration and applying it. It means that + warnings about bad combinations of parameters, warnings about very high + limits that couldn't be set, and so on, make the process exit with an error + during startup. A few late startup warnings cannot be caught by this option, + such as the failure to drop supplementary groups when changing the group ID + in "daemon" or "master-worker" modes, or the failure to mark the process + dumpable after the fork(). This option does not catch warnings emitted at + runtime. It is highly recommended to set this option on configurations that + are not changed often, as it helps to detect subtle mistakes and keep the + configuration clean and forward-compatible. Note that "haproxy -c" will also + report errors in such a case. This option is equivalent to command line + argument "-dW". 3.4. Userlists diff --git a/src/haproxy.c b/src/haproxy.c index c009475834..629a56fa95 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -3485,6 +3485,14 @@ int main(int argc, char **argv) clock_adjust_now_offset(); ready_date = date; + /* catch last warnings, which could be produced while adjusting limits + * or preallocating fds + */ + if (warned & WARN_ANY && global.mode & MODE_ZERO_WARNING) { + ha_alert("Some warnings were found and 'zero-warning' is set. Aborting.\n"); + exit(1); + } + if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) { int ret = 0; int in_parent = 0;